HOME

TheInfoList



Click Here for Items Related To - Hardware Keylogger
OR:
Hardware Keylogger on:   [Wikipedia]   [Google]   [Amazon]

Hardware keyloggers are used for
keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitore ...
, a method of capturing and recording computer users' keystrokes, including sensitive passwords. They can be implemented via
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is a type of firmware used to provide runtime services for operating systems and programs and to perform hardware initialization d ...
-level
firmware In computing Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, h ...
, or alternatively, via a device plugged inline between a
computer keyboard A computer keyboard is a built-in or peripheral input device modeled after the typewriter keyboard which uses an arrangement of buttons or Push-button, keys to act as Mechanical keyboard, mechanical levers or Electronic switching system, electro ...
and a computer. They log all keyboard activity to their internal memory.


Description

Hardware keyloggers have an advantage over software keyloggers as they can begin logging from the moment a computer is turned on (and are therefore able to intercept passwords for the
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is a type of firmware used to provide runtime services for operating systems and programs and to perform hardware initialization d ...
or
disk encryption software Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media (e.g., a Hard disk drive, hard disk, floppy disk, or USB flash drive, USB device) by using disk encryption. Compared to ac ...
). All hardware keylogger devices have to have the following: * A
microcontroller A microcontroller (MC, uC, or μC) or microcontroller unit (MCU) is a small computer on a single integrated circuit. A microcontroller contains one or more CPUs (processor cores) along with memory and programmable input/output peripherals. Pro ...
- this interprets the datastream between the keyboard and computer, processes it, and passes it to the non-volatile memory * A non-volatile memory device, such as flash memory - this stores the recorded data, retaining it even when power is lost Generally, recorded data is retrieved by typing a special password into a computer text editor. The hardware keylogger plugged in between the keyboard and computer detects that the password has been typed and then presents the computer with "typed" data to produce a menu. Beyond text menu some keyloggers offer a high-speed download to speed up retrieval of stored data; this can be via USB mass-storage enumeration or with a USB or serial download adapter. Typically the memory capacity of a hardware keylogger may range from a few
kilobytes The kilobyte is a multiple of the unit byte for digital information. The International System of Units (SI) defines the prefix '' kilo'' as a multiplication factor of 1000 (103); therefore, one kilobyte is 1000 bytes.International Standar ...
to several
gigabytes The gigabyte () is a multiple of the unit byte for digital information. The prefix ''giga'' means 109 in the International System of Units (SI). Therefore, one gigabyte is one billion bytes. The unit symbol for the gigabyte is GB. This defin ...
, with each keystroke recorded typically consuming a
byte The byte is a unit of digital information that most commonly consists of eight bits. Historically, the byte was the number of bits used to encode a single character of text in a computer and for this reason it is the smallest addressable un ...
of memory.


Types of hardware keyloggers

#A regular hardware keylogger is used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer
keyboard Keyboard may refer to: Text input * Keyboard, part of a typewriter * Computer keyboard ** Keyboard layout, the software control of computer keyboards and their mapping ** Keyboard technology, computer keyboard hardware and firmware Music * Mus ...
and the computer. It logs all keyboard activity to its internal memory which can be accessed by typing in a series of pre-defined characters. A hardware keylogger has an advantage over a software solution; because it is not dependent on the computer's operating system it will not interfere with any program running on the target machine and hence cannot be detected by any software. They are typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC
Balun A balun (from "balanced to unbalanced", originally, but now derived from "balancing unit") is an electrical device that allows balanced and unbalanced lines to be interfaced without disturbing the impedance arrangement of either line. A ba ...
. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this "feature". They are designed to work with legacy
PS/2 The Personal System/2 or PS/2 is IBM's second generation of personal computers. Released in 1987, it officially replaced the IBM PC, XT, AT, and PC Convertible in IBM's lineup. Many of the PS/2's innovations, such as the 16550 UART (serial por ...
keyboards, or more recently, with
USB Universal Serial Bus (USB) is an industry standard, developed by USB Implementers Forum (USB-IF), for digital data transmission and power delivery between many types of electronics. It specifies the architecture, in particular the physical ...
keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wireless communication standard. #Wireless keylogger sniffers - Collect packets of data being transferred from a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices. #Firmware - A computer's
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is a type of firmware used to provide runtime services for operating systems and programs and to perform hardware initialization d ...
, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them. #Keyboard overlays - a fake keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device as well as the legitimate one that the customer is using. #Key commands - exist in much legitimate software. These programs require keyloggers to know when you’re using a specific command.


Countermeasures

Denial or monitoring of
physical access Physical access is a term in computer security that refers to the ability of people to physically gain access to a computer system. According to Gregory White, "Given physical access to an office, the knowledgeable attacker will quickly be able to ...
to sensitive computers, e.g. by closed-circuit video surveillance and access control, is the most effective means of preventing hardware keylogger installation. Visual inspection is the easiest way of detecting hardware keyloggers. But there are also some techniques that can be used for most hardware keyloggers on the market, to detect them via software. In cases in which the computer case is hidden from view (e.g. at some public access kiosks where the case is in a locked box and only a monitor, keyboard, and mouse are exposed to view) and the user has no possibility to run software checks, a user might thwart a keylogger by typing part of a password, using the mouse to move to a text editor or other window, typing some garbage text, mousing back to the password window, typing the next part of the password, etc. so that the keylogger will record an unintelligible mix of garbage and password text.Hardware Keylogger Detection
, SpyCop. General '' keystroke logging countermeasures'' are also options against hardware keyloggers. The main risk associated with keylogger use is that physical access is needed twice: initially to install the keylogger, and secondly to retrieve it. Thus, if the victim discovers the keylogger, they can then set up a
sting operation In law enforcement, a sting operation is a deceptive operation designed to catch a person attempting to commit a crime. A typical sting will have an undercover law enforcement officer, detective, or co-operative member of the public play a rol ...
to catch the person in the act of retrieving it. This could include camera surveillance or the review of access card swipe records to determine who gained physical access to the area during the time period that the keylogger was removed.


References


External links


Presentation about detection of hardware keyloggers
{{Webarchive, url=https://web.archive.org/web/20150223230430/http://conference.hackinthebox.org/hitbsecconf2010kul/materials/D1T1%20-%20Fabian%20Mihailowitsch%20-%20Detecting%20Hardware%20Keyloggers.pdf , date=2015-02-23 Cryptographic attacks Surveillance